cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1309
Views
0
Helpful
5
Replies
Highlighted
Beginner

Wireless solution with ACS 5.2 and 3rd-party access point

  Hello all. I have windows 7 clients (supplicants), D-link access point (authenticator),  Cisco acs 5.2 virtual appliance with evalution license (acts as authentication server - Radius server).    I want to setup  EAP authentication (PEAP) that users will be able connect to Wireless LAN with login-password.   I've done some configurations,  but  I did not get any result.    in  ACS 5.2   I get  this error message:

11014 RADIUS packet contains invalid attribute(s):                                                        RADIUS Request dropped

One of the attributes in the RADIUS packet did not parse correctly

Please, help me for solving this problem.

5 REPLIES 5

Wireless solution with ACS 5.2 and 3rd-party access point

Hi.

I have the same problem with ACS 4.2 and TP-link AP, i try to use it without certificate authority, I only need login with user and password.

Wireless solution with ACS 5.2 and 3rd-party access point

I just resolve my problem.

in

Interface Configuration > Radius (Microsoft)

enable all checks. Then in Group Setup.

In the group where my user is asign enable all checks in Section

Microsoft RADIUS Attributes

The authentication whitout certificate and TP-link was sucessfull in Iphone, Mac OS, android phone and windows.

This whit ACS 4.2.

The Device in Network Configuration use Radius (IETF).

My next test is use this configuration but with Catalyst and IBSN.

Beginner

Wireless solution with ACS 5.2 and 3rd-party access point

I changed   Authorization Profile to default 'Permit Access'  in  Access Policies -> Authorization -> Rule.

And solved. 

  But  you need  eap certificate for peap-mschapv2  authentification.  

    The problem is: If Client (supplicant)  does not validate a  Radius server certificate for creating eap tunnel,  it does not connect.

     What i did? 

        In windows xp and windows 7 clients  I  unchecked  'Validate certificate'  option and  get successfull connection.

     But  in Iphone,  android phones, tablets  etc.  I don't know what to do.

       I think that it is not true solution.

    May be I  should by  a certificate (for example, from VeriSign) that validates all systems?

Wireless solution with ACS 5.2 and 3rd-party access point

In Android Iphone and MAC OS, in my situation the devices negotiate automatic without certificate, do you enable in

Allow "EAP-MSCHAPv2" and "Allow EAP-GTC" in System configuration > Global Authentication Setup?

Beginner

Wireless solution with ACS 5.2 and 3rd-party access point

You are right. No need certificate in android.  Its connected